"If phishing were a stock, I would invest in it," Rivner said.
At RSA, the encryption giant that became EMC's security business through a $2.1 billion acquisition in 2006, the target for combatting online banking fraud is the cashing-out step. The company sells software that looks at every transaction a customer makes and assesses the level of risk, Rivner said. It may look at the IP (Internet Protocol) address from which the site is being accessed, as well as that user's typical pattern of transactions. If the risk level is high, the bank can block the transaction and contact the customer directly, he said.
This approach is increasingly being used by banks because of the difficulty of tracking down and eradicating malware and phishing, Rivner said. There may be numerous Trojans on a customer's computer, but the bank isn't hurt by any of them until a fraudster tries to use them to divert money from an account, he said.
Sign up for Computerworld eNewsletters.